<?php
// Mark this request as an admin-area request before the shared configuration is loaded.
// NOTE(review): presumably config.php (or code it pulls in) branches on ISADMIN; confirm against that file.
define('ISADMIN', true);
// `include` only raises a warning when the file is missing and lets the script continue.
// NOTE(review): the login gate below relies on helpers this file does not define (is_logged_in(), get_post_data(), ...),
// presumably provided via config.php; `require_once` would make a failed load fail closed explicitly.
include('../config.php');

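// Admin login gate. Runs only when neither $install nor $upgrade is set and
// is_logged_in() (defined elsewhere) reports no valid login. It processes a
// submitted login form, otherwise renders the form, and then ends the request.
//
// NOTE(review): credentials are matched against an unsalted MD5 stored in
// `user_password`, and the login cookie is derived from that same hash. MD5 is
// cheap to brute-force if the table or cookie leaks. Moving to password_hash() /
// password_verify() needs a data migration plus a matching change wherever the
// cookie is verified, so it is flagged here rather than changed in place.
// NOTE(review): no attempt throttling or lockout is visible in this file.
if (empty($install) && empty($upgrade) && !is_logged_in()) {
	$error = false;
	if (isset($_POST['submit'])) {
		$c = get_post_data();

		// Accept plain strings only: array-valued fields (e.g. username[]=x) must not reach escape() or md5().
		$username = (isset($c['username']) && is_string($c['username'])) ? $c['username'] : '';
		$password = (isset($c['password']) && is_string($c['password'])) ? $c['password'] : '';

		if (empty($username) || empty($password)) {
			// Nothing to look up; skip the query instead of running it with empty credentials.
			$error = true;
		} else {
			// The WHERE clause is built as a string. The username relies entirely on escape()
			// (project helper, not shown here) being correct for the active DB connection;
			// md5() output is hex only. Prefer a bound-parameter API if get_single_item() offers one.
			$user = get_single_item(array(
				'table' => USERS,
				'class' => 'user',
				'where' => '`user_username` = "'.escape($username).'" AND `user_password` = "'.md5($password).'" AND `user_isadmin` = 1'
			));

			if (empty($user)) $error = true;
		}

		if ($error === false) {
			// Cookie value format is unchanged so the existing verification keeps working.
			// HttpOnly keeps the value away from page scripts; Secure is set only when the
			// request itself arrived over HTTPS, so plain-HTTP installs still log in.
			// NOTE(review): assumes no admin-side JavaScript reads this cookie; confirm.
			$secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
			setcookie($tablePrefix.'loggedIn', $username.'_'.md5(SECRET.sha1(md5($password).get_date('n'))), time()+(60*60*24*30), '/', '', $secure, true);
			header('Location: index.php');
			// Stop after the redirect; otherwise the login form and the rest of the request still run.
			exit;
		}
	}
	
	set_page_info('title', 'Please Login');
	get_header();
?>
		<h2>Please Login</h2>
<?php if ($error === true) { ?>
		<p class="error">That username and password combination doesn't work.</p>
<?php } ?>
		<form action="index.php" method="post">
			<p><label for="username">Username</label>
			<input type="text" name="username" id="username" /></p>
			
			<p><label for="password">Password</label>
			<input type="password" name="password" id="password" /></p>
			
			<p><input type="submit" name="submit" class="button" value="Login" /></p>
		</form>
<?php
	get_footer();
	// Fail closed: do not depend on get_footer() (defined elsewhere) ending the request.
	// Without this, everything after the gate would run for a visitor who is not logged in.
	exit;
}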

//$referer = get_global($_SERVER, 'HTTP_REFERER');
//if (!empty($referer) && !preg_match('/^'.preg_quote(str_replace('www.', '', get_option('website')), '/').'/', $referer)) error('Please don\'t access this page directly.');

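// Start the session and issue the token stored in $_SESSION['token'].
// The token is rotated on every request except when ACTION is 'delete', so a
// delete request still sees the token issued by the previous page.
// NOTE(review): presumably the delete handler compares a submitted value against
// this token as a CSRF check; confirm, and compare with hash_equals() there.
session_start();
if (!defined('ACTION') || ACTION != 'delete') {
	// Use a CSPRNG where the runtime has one. md5(uniqid(rand(), true)) is built from
	// the clock and a non-cryptographic generator, so its output is guessable.
	// All branches yield 32 lowercase hex characters, matching the previous format.
	if (function_exists('random_bytes')) {
		$_SESSION['token'] = bin2hex(random_bytes(16));
	} elseif (function_exists('openssl_random_pseudo_bytes')) {
		$_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(16));
	} else {
		// Legacy fallback for runtimes with neither source; weak, kept only so the page still works.
		$_SESSION['token'] = md5(uniqid(rand(), true));
	}
}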
?>